PT-2025-25868 · Linux+4 · Linux Kernel+4

Published

2022-08-25

Updated

2025-07-28

CVE-2022-49942

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the wifi mac80211 component. The issue occurs when the system is not connected to a channel and attempts to send a channel "switch" announcement, which does not make sense in this state. This causes the cfg80211 get bss() function to return NULL, triggering a WARN ON() in ieee80211 ibss csa beacon(). The fix involves checking for an existing connection before generating the CSA beacon in ieee80211 ibss finish csa().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-371CWE-476

Related Identifiers

BDU:2026-02021

CESA-2023_2951

CVE-2022-49942

OESA-2025-1820

RHSA-2023:2458

RHSA-2023:2951

RHSA-2023_2458

RHSA-2023_2951

SUSE-SU-2025:02264-1

SUSE-SU-2025:02308-1

SUSE-SU-2025:02320-1

SUSE-SU-2025:02321-1

SUSE-SU-2025:02322-1

SUSE-SU-2025:02537-1

SUSE-SU-2025:2264-1

SUSE-SU-2025_02264-1

SUSE-SU-2025_02308-1

SUSE-SU-2025_02537-1

Affected Products

Astra Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2025-25868 · Linux+4 · Linux Kernel+4

CVE-2022-49942

Weakness Enumeration

Related Identifiers

Affected Products

References · 653